معرفی بدافزارها با نام جعلی نرم افزارهای امنیتی و کاربردی

**Borna66** · 06-28-2009, 10:14 PM

AntiSpy 2008

کد:
c:\Documents and Settings\All Users\Desktop\Launch Antispy 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy\AntiSpy 2008
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy\AntiSpy 2008\Launch Antispy 2008.lnk
c:\Program Files\AntiSpy
c:\Program Files\AntiSpy 2008
c:\Program Files\AntiSpy\AntiSpy2008
c:\Program Files\AntiSpy 2008\Antispy2008.exe
c:\Program Files\AntiSpy 2008\info.bin
c:\Program Files\AntiSpy 2008\resources.bin
کد:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{DA7C0B96-87EF-484A-B67C-EBF12E666C2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "AntiSpy2008"

**Borna66** · 06-28-2009, 10:15 PM

Antivirus Plus

کد:
c:\WINDOWS\system\rundll32.exe

**Borna66** · 06-28-2009, 10:15 PM

Pro Antispyware 2009

کد:
O2 - BHO: mxlivemedia browser enhancer - {FDA08241-09F3-2DBE-22B1-5B44B581231C} - C:\WINDOWS\system32\gisyflngpshcvuakv.dll
O4 - HKLM\..\Run: [mfhsornwnduy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gisyflngpshcvuakv.dll"
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
کد:
HKEY_CURRENT_USER\Software\{EBFF3366-F653-ACA1-0798-E062A58FA824}
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_CURRENT_USER\Software\Solt Lake Software
HKEY_CLASSES_ROOT\CLSID\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\uzymaulreqvtfzbe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "mfhsornwnduy"

**Borna66** · 06-28-2009, 10:15 PM

Security 2009

کد:
c:\Program Files\Security 2009
c:\Program Files\Security 2009\uninst.exe
%UserProfile%\Desktop\Security 2009.lnk
%UserProfile%\Application Data\install.exe
%UserProfile%\Application Data\Security2009.exe
%UserProfile%\Application Data\Security2009
%UserProfile%\Application Data\Security2009\SC_Base_new.dat
%UserProfile%\Application Data\Security2009\SC_Config.ini
%UserProfile%\Start Menu\Programs\Security 2009
%UserProfile%\Start Menu\Programs\Security 2009\Purchase License.url
%UserProfile%\Start Menu\Programs\Security 2009\Security 2009.lnk
%UserProfile%\Start Menu\Programs\Security 2009\Support Page.url
کد:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Secure
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\Security 2009.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Security 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "Security 2009"

**Borna66** · 06-28-2009, 10:15 PM

SpyProtector

کد:
c:\Program Files\Spy Protector
%UserProfile%\Application Data\install.exe
%UserProfile%\Application Data\shellex.dll
%UserProfile%\Application Data\srcss.exe
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\par ent.lock
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\boo kmarkbackups\bookmarks-2008-10-19.html
%UserProfile%\Application Data\SpyProtector
%UserProfile%\Application Data\SpyProtector\SC_Base_new.dat
%UserProfile%\Application Data\SpyProtector\SC_Config.ini
%UserProfile%\Desktop\Spy Protector.lnk
%UserProfile%\Start Menu\Programs\Spy Protector
%UserProfile%\Start Menu\Programs\Spy Protector\Purchase License.url
%UserProfile%\Start Menu\Programs\Spy Protector\Spy Protector.lnk
%UserProfile%\Start Menu\Programs\Spy Protector\Support Page.url
کد:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\SpyProtector
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Sp y Protector
HKEY_CLASSES_ROOT\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}
HKEY_CLASSES_ROOT\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers\Spy Protector
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandler s\Spy Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\srcss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "Spy Protector"

**Borna66** · 06-28-2009, 10:16 PM

PC Defender 2008

کد:
c:\Program Files\thcrkrj0etfg
c:\Program Files\thcrkrj0etfg\database.dat
c:\Program Files\thcrkrj0etfg\license.txt
c:\Program Files\thcrkrj0etfg\MFC71.dll
c:\Program Files\thcrkrj0etfg\MFC71ENU.DLL
c:\Program Files\thcrkrj0etfg\msvcp71.dll
c:\Program Files\thcrkrj0etfg\msvcr71.dll
c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe
c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe.local
c:\Program Files\thcrkrj0etfg\uninstall.exe
c:\Documents and Settings\All Users\Desktop\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\How to Register PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\Register PC Defender 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Defender 2008.lnk
%UserProfile%\Application Data\thcrkrj0etfg
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuAllU sers
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuCurr entUser
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\BrowserObjects
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Packages
کد:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\thcrkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\thcrkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform "pcdefender2008"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run "SMthcrkrj0etfg"

**Borna66** · 06-28-2009, 10:16 PM

Antivirus Plasma

کد:
c:\Program Files\Antivirus Plasma
c:\Program Files\Antivirus Plasma\Antivirus.exe
%UserProfile%\Start Menu\Programs\Antivirus Plasma
%UserProfile%\Start Menu\Programs\Antivirus Plasma\Antivirus Plasma.lnk
کد:
HKEY_CURRENT_USER\Software\Antivirus Plasma
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run "avpl"

**Borna66** · 06-28-2009, 10:17 PM

RapidAntivirus

کد:
%UserProfile%\Application Data\Rapid Antivirus
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\base.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\base2.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\Desc.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\spline.dat
%UserProfile%\Application Data\Rapid Antivirus\Rapid Antivirus.ini
کد:
HKEY_CURRENT_USER\Software\Rapid Antivirus

موضوع: معرفی بدافزارها با نام جعلی نرم افزارهای امنیتی و کاربردی

ابزارهای موضوع

نمایش

برچسب برای این موضوع

مجوز های ارسال و ویرایش